Assessing andManaging theTerrorism Threat

Bureau of Justice Assistance

U.S. Department of Justice

Office of Justice Programs

Bureau of Justice AssistanceN

EW

RE

AL

ITIE

SLa

wEn

forc

em

en

tin

the

Po

st-9

/11

Era

The Bureau of Justice Assistance is a component of the Office of Justice Programs, which alsoincludes the Bureau of Justice Statistics, the National Institute of Justice, the Office of JuvenileJustice and Delinquency Prevention, and the Office for Victims of Crime.

U.S. Department of JusticeOffice of Justice Programs

810 Seventh Street NW.Washington, DC 20531

Alberto R. GonzalesAttorney General

Regina B. SchofieldAssistant Attorney General

Domingo S. HerraizDirector, Bureau of Justice Assistance

Office of Justice ProgramsPartnerships for Safer Communities

www.ojp.usdoj.gov

Bureau of Justice Assistancewww.ojp.usdoj.gov/BJA

NCJ 210680

Written by Col. Joel Leson

This document was prepared by the International Association of Chiefs of Police, under cooperativeagreement number 2003–DD–BX–K002, awarded by the Bureau of Justice Assistance, Office ofJustice Programs, U.S. Department of Justice. The opinions, findings, and conclusions orrecommendations expressed in this document are those of the authors and do not necessarilyrepresent the official position or policies of the U.S. Department of Justice.

Bureau of Justice AssistanceInformation

BJA’s mission is to provide leadership and services in grant administration andcriminal justice policy to support local, state, and tribal justice strategies toachieve safer communities. For more indepth information about BJA, itsprograms, and its funding opportunities, contact:

Bureau of Justice Assistance810 Seventh Street NW.Washington, DC 20531202–616–6500Fax: 202–305–1367www.ojp.usdoj.gov/BJAE-mail: AskBJA@usdoj.gov

The BJA Clearinghouse, a component of the National Criminal Justice ReferenceService, shares BJA program information with federal, state, local, and tribalagencies and community groups across the country. Information specialistsprovide reference and referral services, publication distribution, participation andsupport for conferences, and other networking and outreach activities. Theclearinghouse can be contacted at:

Bureau of Justice Assistance ClearinghouseP.O. Box 6000Rockville, MD 20849–60001–800–851–3420Fax: 301–519–5212www.ncjrs.orgE-mail: askncjrs@ncjrs.org

Clearinghouse staff are available Monday through Friday, 10 a.m. to 6 p.m.eastern time. Ask to be placed on the BJA mailing list.

To subscribe to the electronic newsletter JUSTINFO and become a registeredNCJRS user, visit http://puborder.ncjrs.org/register.

Bureau of Justice Assistance

U.S. Department of Justice

Office of Justice Programs

Bureau of Justice Assistance

Washington, DC 20531

Official BusinessPenalty for Private Use $300

PRESORTED STANDARDPOSTAGE & FEES PAID

DOJ/BJAPermit No. G–91*NCJ~210680*

Assessing andManaging theTerrorism Threat

September 2005

NCJ 210680

Bureau of Justice Assistance

iii

Acknowledgements . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .v

Executive Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .vii

Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .1

Risk Assessment . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .5

Risk Management . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .11

Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .13

Appendix I: Promising Practices/Resources . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .15

Appendix II: Homeland Security Comprehensive Assessment Model (HLS-CAM): Up and Running . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .17

Appendix III: A Promising Program . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .19

Appendix IV: Risk Assessment Training . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .21

References . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .23

Bibliography . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .25

Contents

v

Post 9-11 Policing Project Staff

The Post 9-11 Policing Project is the work of theInternational Association of Chiefs of Police (IACP),National Sheriffs’ Association (NSA), NationalOrganization of Black Law Enforcement Executives(NOBLE), Major Cities Chiefs Association (MCCA),and Police Foundation. Jerry Needle, Director ofPrograms and Research, IACP, provided overallproject direction.

■ International Association of Chiefs of Police

Phil Lynn served as IACP’s Project Director,managed development and publication of the fourPromising Practices Briefs, and authored MutualAid: Multijurisdictional Partnerships for MeetingRegional Threats. Andrew Morabito co-authoredEngaging the Private Sector to Promote HomelandSecurity: Law Enforcement-Private SecurityPartnerships and analyzed Post 9-11 survey data.Col. Joel Leson, Director, IACP Center for PoliceLeadership, authored this monograph—Assessingand Managing the Terrorism Threat. Walter Tangelserved as initial Project Director.

Dr. Ellen Scrivner, Deputy Superintendent,Bureau of Administrative Services, ChicagoPolice Department, contributed to all phasesof project design and co-facilitated the 9-11Roundtables with Jerry Needle. Marilyn Peterson,Management Specialist-Intelligence, New JerseyDivision of Criminal Justice, authored IntelligenceLed Policing: The New Intelligence Architecture.

■ National Sheriffs’ Association

Fred Wilson, Director of Training, directed NSAproject activities, organized and managed Post 9-11Roundtables, and worked closely with IACP staffthroughout the course of the project. NSA projectconsultants included Chris Tutko, Director of NSA’sNeighborhood Watch Project; John Matthews; andDr. Jeff Walker, University of Arkansas, LittleRock.

■ National Organization of Black LawEnforcement Executives

Jessie Lee, Executive Director, served as NOBLE’sProject Director and conducted most staff work.

■ The Police Foundation

Edwin Hamilton directed Foundation projectactivities and managed Post 9-11 survey formattingand analysis, assisted by Rob Davis. Foundationconsultants included Inspector Garth den Heyer ofthe New Zealand Police and Steve Johnson of theWashington State Patrol.

■ Major Cities Chiefs Association

Dr. Phyllis McDonald, Division of Public SafetyLeadership, Johns Hopkins University, directed thework of the Major Cities Chiefs Association. TheMCCA team included Denis O’Keefe, Consultant;Corinne Martin, Program Coordinator; andShannon Feldpush.

Dr. Sheldon Greenberg, Director of the Division ofPublic Safety Leadership, co-authored Engaging thePrivate Sector to Promote Homeland Security: LawEnforcement-Private Security Partnerships.

Promising Practices Reviews

Promising Practices drafts were critiqued and enrichedby a series of practitioners/content experts including:Richard Cashdollar, Executive Director of PublicSafety, City of Mobile, AL; George Franscell,Attorney-at-Law, Franscell, Strickland, Roberts andLawrence, Los Angeles, CA; Mary Beth Michos,State Mutual Aid Coordinator, Prince William County,VA; David Bostrom, Manager, Community PolicingConsortium, IACP; John P. Chase, Chief of Staff,IAIP, Department of Homeland Security; John M.Clark, Assistant Vice President/Chief of Police,Burlington Northern Santa Fe Railroad; John A.LeCours, Director/Intelligence, Transport Canada;

Acknowledgements

vi

Ronald W. Olin, Chief of Police, Lawrence, KS; EdJopeck, Analyst, Veridian; Jerry Marynik, Admini-strator, State Terrorism Threat Assessment Center,California Department of Justice; and Bart Johnson,Office of Counter Terrorism, New York State Police.

The Bureau of Justice Assistance, IACP, and each ofthe partner organizations in the Post 9-11 PolicingProject wish to acknowledge and thank Ms. MelissaSmislova, Chief, Homeland Infrastructure Threat andRisk Analysis Center at the U.S. Department ofHomeland Security for her review and input intoAssessing and Managing the Terrorism Threat onbehalf of the Department.

Executive Oversight

The Post 9-11 Policing Project was initially con-ceptualized by the Office of Justice Programs, U.S.Department of Justice. Since inception, the projectwas guided throughout by the chief executive officersof the partner associations:

■ Daniel N. Rosenblatt, Executive Director,International Association of Chiefs of Police

■ Thomas N. Faust, Executive Director, NationalSheriffs’ Association

■ Jessie Lee, Executive Director, National Organi-zation of Black Law Enforcement Executives

■ Hubert Williams, President, The Police Foundation

■ Thomas C. Frazier, Executive Director, MajorCities Chiefs Association

Bureau of Justice Assistance Guidance

We gratefully acknowledge the technical guidanceand patient cooperation of executives and programmanagers who helped fashion project work: James H.Burch II, Deputy Director; Michelle Shaw, PolicyAdvisor; and Steven Edwards Ph.D., Senior PolicyAdvisor for Law Enforcement.

vii

The continuous threat of terrorism has thrustdomestic preparedness obligations to the very top

of the law enforcement agenda. For today’s lawenforcement executive, the capacity to assess andmanage risk is imperative. In the post-September 11era, this capacity must be considered as much a stapleof law enforcement operations as crime analysis,criminal intelligence, and crime prevention. Theconsequences of failing to assess and manage terroristthreats and risk could be incalculable.

This document outlines the essential components ofrisk assessment and management, which entail thefollowing sequential tasks:

■ Critical infrastructure and key asset inventory.

■ Criticality assessment.

■ Threat assessment.

■ Vulnerability assessment.

■ Risk calculation.

■ Countermeasure identification.

Executive Summary

Risk assessment and management concepts andmethodologies are evolving rapidly. Although modelsdiffer in the definition, labeling, and sequencing ofsteps, there is solid consensus on the essentialcomponents. In this monograph, each component isdefined and briefly examined. Protocols are suppliedto quantify/calculate criticality, threat, vulnerability,and risk.

Experience and skill with risk assessment andmanagement are limited in many law enforcementagencies. To assist in reversing this situation, thisreport supplies capacity-building information thatincludes promising programs, software, and trainingreferences. Capacity “acquisition” through shared/regional arrangements is not only economicallypractical for many agencies, it promises to leverageeffectiveness for all agencies by pooling andcoordinating information and planning jointcountermeasures.

1

Surprise, when it happens to a government, islikely to be a complicated, diffuse, bureaucraticthing. It includes neglect of responsibility butresponsibility so poorly defined or so ambiguouslydelegated that action gets lost. It includes gaps inintelligence, but also intelligence that, like a stringof pearls too precious to wear, is too sensitive tothose who need it . . . . It includes, in addition, theinability of individual human beings to rise to theoccasion until they are sure it is the occasion—which is usually too late . . . . Finally, as at PearlHarbor, surprise may include some measure ofgenuine novelty introduced by the enemy, andpossibly some sheer bad luck.

—Thomas C. Schelling, as quoted inPearl Harbor: Warning and Decision

by Roberta Wohlstetter (1962)

The price of living in a free and open Americansociety grew exponentially after the tragic events

of September 11, 2001. The scale and method of theterrorist attacks on that day have significantly affectedthe way law enforcement and security operations mustbe conducted to protect critical infrastructure. High-profile incidents such as the World Trade Centerbombing in 1993 and the bombing of the MurrahBuilding in Oklahoma City in 1995 should haveserved as a permanent wake-up call to all Americans.However, the relative speed with which these crimeswere solved, and the perceived isolation in which theywere conceived and executed, caused many to carry onwith business as usual.

Statement of the Problem

Foremost among the demands that confront police inthe post-September 11 environment is the ability toeffectively and efficiently collect, assess, disseminate,and act on intelligence information regarding threatsposed by transnational and domestic terrorists. In acountry with nearly 17,000 law enforcement agenciesstaffed by 700,000 sworn police officers, deputysheriffs, and criminal investigators, meeting these

demands is particularly challenging and complex.Classified security and jurisdictional issues tend toblur lines of communication. The need fortechnological interoperability, standardization, andoperational networking within and among all agencieshas been amplified. These demands, coupled with therequirement that local jurisdictions conduct threat,vulnerability, and needs assessments to qualify forfederal homeland security funding through the StateHomeland Security Assessment and Strategy Program,present clear challenges to law enforcementexecutives.

Progress to Date

Results of a recent survey conducted by theInternational Association of Chiefs of Police (IACP)documents that the frequency of information sharingamong federal, state, and local law enforcementagencies has improved since the September 11terrorist attacks (Needle, 2004). The U.S Departmentsof Justice (DOJ) and Homeland Security (DHS) arepromoting developments that are improving both thedissemination of intelligence and threat-relatedinformation and the ability to assess risk and reducethe vulnerability of potential targets within the publicand private infrastructure. Guiding theseimprovements is the National Criminal IntelligenceSharing Plan (NCISP), which was endorsed by bothdepartments and the Federal Bureau of Investigation(FBI) in October 2003. The issuance of the NCISP hasbeen followed by the development of the FusionCenter Guidelines, which will be issued jointly byDOJ and DHS, in coordination with DOJ’s GlobalJustice Information Sharing Initiative (Global), whichrepresents more than 30 independent organizationsspanning the spectrum of law enforcement and otherjustice entities.

For example, DHS has expanded its computer-basedcounter-terrorism system to all 50 states, 5 territories,the District of Columbia, and 50 major urban areas toimprove the flow of threat information. This relativelynew communications system, called the Homeland

Introduction

2

Security Information Network (HSIN), offers statesand major cities real-time, interactive connectivitywith the DHS Homeland Security Operations Center.

Another system, the Regional Information SharingSystems (RISS), was initiated in 1980, and isadministered by the U.S. Department of Justice, Officeof Justice Programs’ Bureau of Justice Assistance. Itconsists of six regional centers that share intelligenceand coordinate efforts against criminal networks thatcross jurisdictional lines. RISS serves more than 7,500law enforcement agencies and their branches in 50states, the District of Columbia, Canada, Australia, theUnited Kingdom, Guam, the U.S. Virgin Islands, andPuerto Rico. The FBI has created the National JointTerrorism Task Force (NJTTF), and it supports FBIfield office-based JTTFs to expedite the exchange ofthreat information. In July 2003, the DHS Office ofDomestic Preparedness (ODP) announced a majorrefinement of the State Homeland Security Assessmentand Strategy (SHSAS) Process, which was establishedin fiscal year 1999 to assess threats, vulnerabilities,capabilities, and preparedness related to weapons ofmass destruction and terrorism incidents at the stateand local levels. ODP continues to support state andlocal jurisdictions by providing technical assistance toensure that SHSAS is fully implemented throughoutthe United States.

These major efforts to improve the flow of terroristand criminal intelligence, coupled with the operationof newly formed regional law enforcement intelligencefusion centers in strategic locations throughout thecountry, hold great promise for law enforcement’scollective ability to effectively acquire and exchangereal-time intelligence and threat information. Whilefederal and state law enforcement agencies have beenactively pursuing improvements in intelligence andinformation flow and risk assessment, many countyand municipal law enforcement agencies have beendoing the same. They have been improving theirinformation technology capabilities, organizing orexpanding their criminal intelligence and criticalincident management capabilities, and participating inregional intelligence consortiums.

The attacks of September 11 have brought, andcontinue to bring, changes in the way law enforcementconducts its operations. However, the critical and basic

task of conducting timely, ongoing, and viable threatassessments has not changed.

Objectives

This monograph explains risk assessment, how it isconducted, and how it fits into the risk managementprocess—a process that all law enforcement executivesshould master in the post-September 11 era. Themonograph defines terms used in risk management,including threat, vulnerability, and criticalityassessment, and provides a utilitarian risk managementmethodology. Finally, it discusses how promising localpractices are being adapted to implement the DHSState Homeland Security Assessment and StrategyProgram.

State of Practice

Professionals in the private sector and at all levels ofgovernment are unanimous in their opinions that it isnot a question of if another devastating terrorist eventwill occur, but when and where it will occur. In anongoing study, the Rutgers Center for the Study ofPublic Security is conducting a survey to discoverhow law enforcement officials in the United Statesassess their local terrorist threat. Eighty percent of thealmost 1,400 respondents who were surveyed expecta terrorist event to occur in their jurisdiction withinthe next 5 years—most likely a cyberterrorism orconventional attack. Almost all respondents reportedthat at least one terrorist group is present in theirjurisdiction.

To confront, minimize, and prevent terrorist acts, thelaw enforcement arsenal must include a sophisticatedrisk-management capability. Risk assessment andmanagement must become an essential capacity oflaw enforcement agencies. Capacity can reside in-house, at the government level (e.g., a city office ofhomeland security), or be acquired from county,regional, or state law enforcement and homelandsecurity collaborative groups or agencies. The riskassessment and management capacity of state andlocal law enforcement agencies has not beendocumented, though it is believed that many agencies,if not most, do not possess the required skills. Riskassessment is a relatively new activity for lawenforcement agencies, and the art and its vocabulary

3

are constantly changing. The requirement thatapplications for select homeland security grants beaccompanied by evidence that an agency is workingwith threat assessment also is leading to furtherconceptual and methodological development.

Identifying CriticalInfrastructure: What To Protect

It is important to consider what can be threatened andwhat must be protected by state and local lawenforcement agencies and their counterparts thatprovide security in the private sector. The scope andmagnitude of critical infrastructure and assets aredefined in The National Strategy for the PhysicalProtection of Critical Infrastructure and Key Assets(The White House, 2003). In initiating this strategy,President George W. Bush stated:

To address the threat posed by those who wish toharm the United States, critical infrastructureowners and operators are assessing theirvulnerabilities and increasing their investment insecurity. State and municipal governments acrossthe country continue to take important steps toidentify and assess the protection of key assets andservices within their jurisdictions. Federaldepartments and agencies are working closely withindustry to take stock of key assets and facilitateprotective actions, while improving the timelyexchange of important security related information.

Since implementation of this national strategy, thecritical infrastructure sectors—those infrastructuresand assets deemed most critical to national publichealth and safety, governance, economic and nationalsecurity, and retaining public confidence—have beenrefined and expanded.

Critical infrastructure now includes:

■ Agriculture.

■ Banking and finance.

■ Chemical and hazardous waste.

■ Defense industrial base.

■ Energy.

■ Emergency services.

■ Food.

■ Government.

■ Information and telecommunications.

■ Transportation.

■ Postal and shipping services.

■ Public health.

■ Water.

Key assets now include:

■ National monuments and icons.

■ Nuclear power plants.

■ Dams.

■ Government facilities.

■ Commercial assets.

State and local law enforcement executives mustensure that their community’s vulnerability to attack isproperly analyzed by identifying critical facilities andfunctions, and must work to improve their security. Itis understood that complete protection of everyreservoir, parking garage, mass transit terminal, largebuilding, and other potential targets within ajurisdiction is not possible. It is also understood,however, that the more difficult it is for terrorists tointroduce weapons into a given area or facility, the lesslikely terrorists are to initiate an attack.

Evaluation of critical infrastructure and key assets inthe community should be ongoing. Law enforcementleaders should constantly maintain and update adatabase of a jurisdiction’s critical assets andvulnerable infrastructure points. Appendixes II and IIIprovide tools that law enforcement executives can useto train personnel and establish a comprehensivedatabase. Specifically, appendix II providesinformation on the Homeland Security ComprehensiveAssessment Model (HLS–CAM), a software programthat the State of Florida used to develop and maintainits database of critical assets and vulnerable

4

infrastructure locations. This appendix identifies whatsuch a comprehensive database contains and describesthe HLS–CAM software available to law enforcementand emergency service agencies. Although theevaluation and assessment processes may seemoverwhelming, law enforcement agencies must makethe risk analysis process an inherent part of their lawenforcement operations and present an objective casefor improved public safety. Assessments should bemade not only on the basis of routine operation andtesting, but also on how effective the procedures willbe in an actual attempted attack.

A Risk Assessment andManagement Approach

Risk assessment and management entails the followingsequential steps:

■ Critical infrastructure and key asset inventory.

■ Criticality assessment.

■ Threat assessment.

■ Vulnerability assessment.

■ Risk calculation.

■ Countermeasure identification.

Literature and agencies differ in how they define,label, and arrange these steps.

5

Criticality Assessment:Evaluating Assets

DHS defines criticality assessment as follows:

A systematic effort to identify and evaluateimportant or critical assets within a jurisdiction.Criticality assessments help planners determinethe relative importance of assets, helping toprioritize the allocation of resources to the mostcritical assets.

An essential part of the risk equation is consideringthe consequence of the loss of or serious damage toimportant infrastructure, systems, and other assets.The measure of criticality, or asset value, determinesthe ultimate importance of the asset. Loss of life anddamage to essential assets are of paramount concern tolaw enforcement executives. Loss of symbolic targets,which can result in the press coverage terrorists seek,is also important; it can destroy people’s faith in theability of law enforcement and government to protectthe public.

Assessing criticality can at times involve some degreeof subjectivity. Assessments may rely on the intimateknowledge of law enforcement agency professionalsand their colleagues in other government agenciesto gauge the importance of each potential target.However, clear objective thought must prevail whenloss of human life is possible. Certain facilities areinherently vulnerable and should be addressedas critical infrastructure or key assets by lawenforcement:

■ Transportation facilities, terminals, and other areaswith concentrations of persons.

■ Public utilities—electricity, water, natural gas,waste treatment.

■ Public and government facilities; symbolic sites;town halls; county buildings; police, fire, andschool buildings; stadiums; museums; andmonuments.

■ Financial and banking institutions.

■ Defense and defense-related industry and researchcenters.

■ Transportation support systems—radar, bridges,tunnels, piers, and aids to navigation.

■ Health care facilities—public and private.

■ Cyber/information technology service facilitiesand sites.

Calculating Criticality

A five-point scale can be used to estimate the impactof loss of life and property, interruption of facility orother asset use, or gain to be realized by an adversary:

■ Extreme (5): Substantial loss of life or irreparable,permanent, or prohibitive costly repair to a facility.Lack of, or loss of, a system or capability wouldprovide invaluable advantage to the adversary(press coverage, the political advantage or tacticaladvantage to carry out further plans).

■ High (4): Serious and costly damage to a facility ora positive effect for the adversary. No loss of life.

■ Medium (3): Disruptive to facility operations for amoderate period of time; repairs—althoughcostly—would not result in significant loss offacility capability. No loss of life.

■ Low (2): Some minor disruption to facilityoperations or lack of capability, does not materiallyadvantage the enemy. No loss of life.

■ Negligible (1): Insignificant loss or damage tooperations or budget. No loss of life (ProteusSecurity Group, 1997).

Risk Assessment

6

Extreme and high criticality are of greatest concern.When coupled with high threat and high vulnerability,counteraction is required.

Threat Assessment

DHS defines threat assessment as follows:

A systematic effort to identify and evaluateexisting or potential terrorist threats to ajurisdiction and its target assets. Due to thedifficulty in accurately assessing terroristcapabilities, intentions, and tactics, threatassessments may yield only general informationabout potential risks.

These assessments consider the full spectrum ofthreats, such as natural disasters, criminal activity, andmajor accidents, as well as terrorist activity.

Fused Intelligence

The intelligence process is the foundation of threatassessment. Systematic exploitation of crime-relatedinformation can lead to and support evaluation andanalysis of terrorism and terrorist groups. The who,what, where, when, and how of terrorist groups areclosely related. Intelligence efforts help producereliable, informed responses to these questions.Without such a process, threat assessments can beunpredictable and unreliable.

Threat assessments must be compiled fromcomprehensive and rigorous research and analysis.Law enforcement cannot function unilaterally. Threatassessments that do not incorporate the knowledge,assessments, and understanding of state, local, andprivate organizations and agencies with the potentialthreats being assessed are inherently incomplete. Forexample, a threat assessment of water-district facilitiesshould include the most comprehensive data availablefrom local police, sheriff, and fire departments; healthservices; emergency management organizations; andother applicable local, state, and federal agencies thatmay be affected by an attack on the water district’sinfrastructure. The threat assessment should alsoassimilate germane, open-source, or nonproprietarythreat assessments, as well as intelligence information.Lastly, the assessment must provide a high level ofawareness and understanding regarding the changingthreat and threat environment faced by a governmententity.

Essential data to collect for analysis prior toconducting a threat assessment include:

■ Type of adversary: Terrorist, activist, employee,other.

■ Category of adversary: Foreign or domestic,terrorist or criminal, insider and/or outsider of theorganization.

■ Objective of each type of adversary: Theft,sabotage, mass destruction (maximum casualties),sociopolitical statement, other.

■ Number of adversaries expected for eachcategory: Individual suicide bomber, grouping or“cells” of operatives/terrorists, gangs, other.

■ Target selected by adversaries: Criticalinfrastructure, governmental buildings, nationalmonuments, other.

■ Type of planning activities required toaccomplish the objective: Long-term “casing,”photography, monitoring police and security patrolpatterns, other.

■ Most likely or “worst case” time an adversarycould attack: When facility/location is fullystaffed, at rush hour, at night, other.

■ Range of adversary tactics: Stealth, force, deceit,combination, other.

■ Capabilities of adversary: Knowledge, motivation,skills, weapons and tools (National EmergencyResponse and Rescue Training Center, n.d.).

To accomplish the intelligence mission of processinga threat assessment, a law enforcement executive mustensure that an officer or unit is trained and assignedto identify potential targets and can recommendenhancements for security at those targets. Actionmust be taken by all departments, including thosewith limited resources. Ideally, the entire patrol forceshould be trained to conduct intelligence gatheringand reporting.

Calculating Threat

Threat levels are based on the degree to whichcombinations of these factors are present:

7

■ Existence: A terrorist group is present, or is able togain access to a given locality.

■ Capability: The capability of a terrorist group tocarry out an attack has been assessed ordemonstrated.

■ Intent: Evidence of terrorist group activity,including stated or assessed intent to conductterrorist activity.

■ History: Demonstrated terrorist activity in the past.

■ Targeting: Current credible information or activityexists that indicates preparations for specificterrorist operations—intelligence collection by asuspect group, preparation of destructive devices,other actions.

■ Security environment: Indicates if and how thepolitical and security posture of the threatenedjurisdiction affects the capability of terroristelements to carry out their intentions. Addresseswhether the jurisdiction is concerned with terrorismand whether it has taken strong proactivecountermeasures to deal with such a threat.

To gauge the seriousness of a terrorist threat, thecriticality, threat, and vulnerability can be quantified inthe following way:

■ Critical (5): Existence, capability, and targeting arepresent. History and intentions may not be.

■ High (4): Existence, capability, history, andintentions are present.

■ Medium (3): Existence, capability, and history arepresent. Intention may not be.

■ Low (2): Existence and capability are present.History may not be present.

■ Negligible (1): Existence or capability may not bepresent (Proteus Security Group, 1997).

Identifying a threat is a complex process that is toooften overlooked because the process of threatassessment is not well understood and is often seen astechnically unreachable. Many resources are presentwithin and outside of the law enforcement community

to help law enforcement agencies complete this task,and it is important that they be used.

Vulnerability Assessment

DHS defines vulnerability assessment as follows:

The identification of weaknesses in physicalstructures, personnel protection systems,processes, or other areas that may be exploitedby terrorists. The vulnerability assessment alsomay suggest options to eliminate or mitigatethose weaknesses.

Vulnerability is difficult to measure objectively.Progress is being made by agencies such as theNational Institute of Justice in partnership with theU.S. Department of Energy’s Sandia NationalLaboratories, as well as by studies conducted by theNational Infrastructure Protection Center of DHS, toassist with these assessments. (See the list ofPromising Practices/Resources in appendix I.)

Factors to consider when determining vulnerabilityinclude:

■ Location: Geographic location of potential targetsor facilities, and routes of ingress and egress;location of facility or target relative to public areas,transportation routes, or easily breached areas.

■ Accessibility: How accessible a facility or othertarget is to the adversary (i.e., disruptive, terrorist,or subversive elements); how easy is it for someoneto enter, operate, collect information, and evaderesponse forces?

■ Adequacy: Adequacy of storage facilities,protection, and denial of access to valuable orsensitive assets such as hazardous materials,weapons, vehicles or heavy equipment, andexplosives or other materials that some person ororganization could use deliberately or in anopportunistic manner to cause harm.

■ Availability: Availability of equipment, adequacyof response forces and of general physical securitymeasures.

8

Calculating Vulnerability

The vulnerability level is determined on a five-pointscale using estimates of the sufficiency of protectionor accessibility listed in the above factors.

■ Highly vulnerable (5): A combination of two ormore of the following with due consideration of thethreat level:

■ Direct access to asset or facility is possible viaone or more major highway systems. Watersideaccess is open or adjacent land areas areunoccupied, unguarded, or allow free access.

■ Asset or facility is open, uncontrolled orunlighted, or security is such that threat elementsmay have unimpeded access with which tocollect intelligence, operate, and evade responseforces. Patrols, electronic monitoring, or alarmsystems are easily defeated or provideincomplete coverage.

■ Individual systems within the facility, such ashazardous materials, weapons, explosives, orvehicles, are accessible with minimum force orpossibility of detection.

■ Response units provide minimum effective forceto counter the experienced threat level. In-placephysical security measures do not provideprotection commensurate with the anticipatedthreat level.

■ Moderately vulnerable (3): A combination of twoof the following:

■ Direct access to asset or facility is possible viaone or more major highway systems, but roadsystem is restricted or patrolled. Watersideaccess may be open or adjacent land areasunoccupied, but mitigating geographicconditions may be present (e.g., lengthychannel access).

■ Asset or facility is open, uncontrolled orunlighted, or security is such that threat elementsmay meet some resistance, be detected, oractivate a remotely monitored alarm. Access tocollect intelligence, operate, and evade responseforces is at least partially hampered. Patrols,electronic monitoring, or alarm systems may beeasily defeated or provide incomplete coverage.

■ Individual items within the facility, such ashazardous materials, weapons, explosives, orvehicles, are accessible with moderate force, ortampering may result in detection.

■ Response units provide effective force tocounter the experienced threat level. Physicalsecurity measures do not provide protectioncommensurate with the anticipated threat level.

■ Low vulnerability (1): A combination of two ormore of the following, provided continualawareness of the anticipated threat level ismaintained:

■ Asset or facility is difficult to access from majorhighway or road network, or outside access islimited by geography.

■ Asset or facility has adequate, positive accesscontrol. Patrols, cameras, remote sensors, andother reporting systems are sufficient to precludeunauthorized entry, loitering, photography, oraccess to restricted areas.

■ Appropriate and reasonable safeguards are takento prevent or hinder access to sensitive materials.Protection is commensurate with degree ofmaterial sensitivity and level of threat.

■ Response force is able to answer aninfrastructure or facility breach with appropriatepersonnel, equipment, and timeliness (ProteusSecurity Group, 1997).

Risk Assessment Calculation

Risk assessment combines all earlier assessments—criticality, threat, and vulnerability—to completethe portrait of risk to an asset or group of assets.Numerous techniques are available for calculating risk,ranging from simple qualitative systems to those basedon complex quantitative formulas. A common featureof most methodologies is the input on which they arebased. Almost every technique addresses the followingthree questions to aggregate the information obtainedin each of the assessment steps:

■ Criticality: Asks what is the likely impact if anidentified asset is lost or harmed by one of theidentified unwanted events.

9

■ Threat: Asks how likely is it that an adversary willattack those identified assets.

■ Vulnerability: Asks what are the most likelyvulnerabilities that the adversary or adversaries willuse to target the identified assets.

The law enforcement executive or individual assignedto undertake these analyses can use the methodsdescribed above to determine the risk of unwantedattack on each asset.

Calculating Risk

The comprehensive results of each of the assessmentscan be summarized into a risk statement with anadjectival or numerical rating. The risk equation usedin most systems is expressed in this basic formula:

Risk = Threat x Vulnerability x Criticality

In this equation, risk is defined as the extent to whichan asset is exposed to a hazard or danger. Threat timesvulnerability represents the probability of an unwantedevent occurring, and criticality equals the consequenceof loss or damage to the critical infrastructure or keyasset.

Using this methodology in conjunction with anumerical scale or adjectival rating will produce anobjective conclusion regarding the risk to an asset.Consistency in conducting the evaluations will resultin a more accurate decisionmaking process.

11

Identifying Countermeasures:Where “The Risk” Competes with“The Budget”

Countermeasures are actions, devices, or systemsemployed to eliminate, reduce, or mitigate riskand vulnerability. To assist in making studieddecisions that can be supported over time, multiplecountermeasure packages that recommend appropriateactions should be provided. Options are oftencharacterized as follows:

■ Risk averse package: The preferred option,unconstrained by financial or politicalconsiderations. This package provides a point ofreference for the expenditure necessary to minimizerisk most effectively. This option is designed toreduce risk to the greatest degree possible.

■ Risk tolerant package: The option that strikes abalance between the needs of security andprotection and the financial and political constraintsof a state or municipality.

■ Risk acceptance package: The least desiredoption, which typically reflects the highestacceptable amount of risk, but represents the leastpossible cost. (Jopeck, n.d.)

Countermeasures, such as expansion of agencystaffing, installation of equipment and new technology,or target hardening, must be evaluated or testedperiodically to ensure that improvements are actuallyworking as intended. These evaluations and testsshould verify that policies and procedures are in placeto guide how the countermeasures will be used.Countermeasures include physical security (fencing,camera surveillance, seismic monitoring devices,barricades), cyber security (firewalls, antivirussoftware, secure computer networks), personnelsecurity, and other proactive methods that industryuses to secure critical infrastructure. The CaliforniaState Agency Guidance is an outstanding example ofspecific proactive countermeasures that the state is

taking as the Homeland Security Advisory System isimplemented in California.

Building Capacity

As automation technology advances, the process ofconducting risk assessment and management isbecoming more sophisticated, as noted in appendixesII and III. Law enforcement executives should availthemselves of the progress being made to ensure theyhave the ability to conduct these critical analyses.

Case Study: A Tale of One City

Imagine that you are the chief of police of acommunity of 75,000, located not far from a largemetropolitan area. Your mayor has recently returnedfrom a conference for municipal executives where hereceived a briefing on risk management and how toapply it to assets and infrastructure in towns and cities.He asks you to explain the method you use to assessrisk in your community. He tasks you with conductinga risk assessment and documenting the rationale forhow it was done. He wants it completed within2 weeks.

Fortunately, you previously assigned a team of yourofficers to attend risk management training. They arealready working with the fire chief, director of publichealth, city engineer, and other key public and privateowners and operators of city infrastructure to prioritizerisk in your jurisdiction. As in most cities, a number ofkey public facilities are of concern. A large electricplant supplies power to half of your state as well as alarge portion of three contiguous states. A chemicalplant producing hazardous materials, some of whichmay cause illness or death, is the main employer inyour city. It receives and ships materials by rail, andthe railroad’s right-of-way traverses through a majorportion of your city. There is a reservoir, constructedfrom a dam on the river that runs through the city, anda pier that receives military ordnance from a navalweapons station in an adjoining county. A regional

Risk Management

12

high school and a number of middle and elementaryschools are located throughout the city. A largehospital that supports the four surrounding counties iswithin the city limits. The city has the normal range ofcommercial and public facilities.

Your special team of trained police officers has beendeveloping a threat assessment in coordination withthe region’s Joint Terrorism Task Force (JTTF) andRegional Intelligence Center. They have acquired thelatest information regarding domestic criminalextremist groups that are active in the area, and havecurrent intelligence on two international terroristgroups that leads them to determine that these groupsare targeting sites within your region. Based on thisintelligence, your region has been operating under anelevated threat level of condition “Yellow,” as definedby the Homeland Security Advisory System. Using allintelligence data available, in conjunction with the riskassessment steps provided earlier in this monograph,you determine that your community and itssurrounding areas are at a medium threat level.

Your assessment team has been working closely withthe critical infrastructure owners and operators withinyour area. Since September 11, security has becomeof greater concern to private firms. Each hasconducted a risk management assessment and hasworked diligently to implement the neccessarycountermeasures. Using the vulnerability assessmenttechniques delineated above and verified by yourteam, you conclude that the vulnerability level at thechemical plant is low, in part because the owners have

applied a full array of the safeguards listed in yourvulnerability assessment methodology. In an objectiveseries of assessments, you find that the weapons andammunition pier is moderately vulnerable. Comparedto other assessed facilities, this poses a major concern.

A criticality assessment determines that ordnance isbeing transferred through the pier and stored aboardmoored vessels. With a war underway, this creates alevel of extreme criticality. You apply the datapreviously gathered and rate each of the assets andcritical infrastructures in your community against therating system provided above, and find that theordnance pier is a major risk to your community.

You present your findings to the mayor, who raisesquestions regarding your risk assessment. Your riskanalysis provides you with the appropriate data tomake an objective case and to delineate requirements.You provide countermeasure proposals, includingcoordination with state and federal authorities, toensure that security improvements are prioritizedwithin the currently identified necessarycountermeasures.

With few modifications, the above scenario is one thatactually confronted a chief of police. Withoutconducting a risk analysis, it would have been easy butincorrect to conclude that the chemical plant, in thiscase, was most at risk. Objective assessment revealedthat the exposed ammunition pier was the primary riskto the city and required attention. Actions were taken,accordingly, to improve the security of the pier.

13

On September 11, 2001, the country realized themagnitude of the terrorist threat to the homeland.

It took this cataclysmic event for the country to directresources to law enforcement agencies so they couldbegin to build the capacity they need to deal withterrorism. The emergency services community ispositioned to become better prepared to deal with

Summary

threat. Law enforcement executives must realize,however, that resources remain limited at all levels ofgovernment. They must also realize that to becomeproficient in the entire gamut of risk management, andto ensure that staff can accomplish these analyses orgain access to those who can, is an operationalimperative.

15

Numerous resources, some more detailed andinvolved than others, are available to help law

enforcement executives and their agencies conduct andgain mastery of risk assessments. The VulnerabilityAssessment Methodologies Report, a comprehensivestudy sponsored by DHS, Office for DomesticPreparedness, provides “. . . an analysis of variouscommercial and government vulnerability assessmentmethodologies which can be used by state and localgovernments to assess risk associated with their areaof responsibility.” The report lists the followinggovernment methodologies for consideration:

Draft National Infrastructure Protection Plan(NIPP): The draft NIPP will be published in finalform in fall 2005 by DHS, and will serve as thefoundation of risk assessments for the nation’s criticalinfrastructure. It will provide specific guidance anddirection to interested parties to producecomprehensive risk assessments for terrorist attacks ina consistent format and will provide the framework forintegrating critical infrastructure protection initiativesinto a single national effort.

DHS Assessment and Strategy Development ToolKit: This is the program guideline used by DHS,Office for State and Local Government Coordinationand Preparedness. It applies to all missions and sectorsand helps identify potential targets. It is also helpful inconducting vulnerability assessments to use inapplying for baseline grant funding for state domesticpreparedness equipment and other federally fundedrequirements. The guideline is available at www.shsasresources.com/documents/state_handbook.pdf.

Business Continuity Management (BCM)Methodology: This methodology was createdspecifically for financial institutions. It addressesidentifying and determining the value of an asset;identifying threats to disclosure; calculating theconsequences of loss or disruption; assessing technicaland nontechnical weaknesses or vulnerabilities; andcalculating risk by integrating the threat andvulnerability assessments.

California Highway Patrol Crime Prevention Plan:This plan provides guidelines for awareness, riskassessment, and mitigation actions. It includesquestions for self-assessment and is directed primarilytoward the physical security of law enforcementfacilities.

State of Colorado Critical Infrastructure and KeyAsset (CIKA) Assessment Methodology: Thissoftware package is designed for critical infrastructureand key assets. It allows the user to self-assess with anumerical 0–5 rating scale based on the followingCIKA factors: visibility, value, accessibility, hazard,population, mass casualties, criticality, servicedisruption, primary function, and geographic impact.The total score represents the criticality/vulnerabilityrating for the identified critical infrastructure and keyasset.

Method to Assess the Vulnerability of U.S.Chemical Facilities: This is a prototype vulnerabilityassessment methodology (VAM) developed especiallyfor chemical facilities by Sandia National Laboratoriesand the National Institute of Justice. It comparesrelative security risks and allows for development ofrecommended measures to reduce risks.

North Carolina Terrorism Vulnerability Self-Assessment: This general guidelines worksheet forstate agencies can be used for all sectors, but isparticularly appropriate for assessing the bioterrorismresponse capability of local health departments andhospitals. It enables users to rate vulnerability on ascale of 1–20 (low to high) in the following areas:potential terrorist intentions, specific targeting,visibility, onsite hazards, population, mass casualtypotential, security environment, criticality, high-riskpersonnel (critical to continuity of business andgovernment), communications, security, andemergency response preparedness. This worksheetis available at www.nccrimecontrol.org/forms/terrorismselfassessment.htm.

Appendix I: Promising Practices/Resources

16

Sandia National Lab Community VulnerabilityAssessment Methodology (VAM): This plan appliesto all mission and sector categories, in addition toeducation; recreation venues such as parks, museums,and tourist attractions; emergency facilities; foreign-represented governments (such as embassies,residences, businesses); and special divisions suchas abortion clinics and religious facilities. Thismethodology was developed as a prototype for theChemical Facility Vulnerability Assessment Projectand lays the foundation for a computer-basedvulnerability assessment tool. Sandia NationalLaboratories uses Dams Security AssessmentMethodology, Water Supply and Treatment VAM,Vulnerability Analyses and Security Design Reviewsfor Correctional Facilities, and VAM for CommunityVulnerability (VAM–CF).

■ Risk Management: An Essential Guide toProtecting Critical Assets: www.nipc.gov/publications/nipcpub/P-RiskManagement.pdf.

The California State Agency Guide: In this document,published in March 2003, the California Governor’sOffice of Emergency Services integrates the federalHomeland Security Advisory System (HSAS) into theCalifornia HSAS. The 95 protective measuresdescribed for implementing the five color-codedfederal threat conditions are comprehensive and usefulfor all levels of governmental and law enforcementjurisdictions.

Orange County Sheriff’s Office, Santa Ana,California: Sheriff Mike Corona has developed aformal Threat Assessment Team for Major Countiesand is part of the Integrated Multi-Agency IntelligenceGathering Group. Together, these two groupscoordinate all homeland security activities bygathering and sharing intelligence, assessing possiblethreats, and planning and conducting all homelandsecurity operations.

“The Red, Gray, and Blue Model: A New Tool toHelp Law Enforcement Executives Address theTransformed Security Environment”: This article,published in the February 2002 issue of PoliceChief Magazine, provides insights and practicalrecommendations for assessing the threat, theenvironment, and the ability of law enforcementexecutives to operate in the arena of weapons ofmass effect.

17

Even though methods for performing threat, risk,and vulnerability assessments; security analyses;

and security surveys existed previously, few related toone another and the definitions they provided oftenoverlapped or were unclear. HLS–CAM is the firstmodel to integrate assessments and indicate the orderof priority in which critical facilities and infrastructureare assessed.

The HLS–CAM methodology was created by theNational Domestic Preparedness Coalition, Inc.(NDPCI), a nonprofit, public and private partnershipled by the Orange County (Florida) Sheriff’s Office,the West Virginia University School of Medicine, andthe West Virginia National Guard. HLS–CAM is agrassroots effort developed by emergency respondersfor emergency responders.

NDPCI created HLS–CAM after recognizing the needfor a uniform, comprehensive, and holistic method ofperforming assessments by federal, state, county, local,and private organizations charged with protectingcitizens, facilities, and infrastructure from terrorismand other hostile criminal activity. HLS–CAMcomplies with all four objectives of HomelandSecurity Presidential Directive 7, the National CriticalInfrastructure Protection Plan, and the NationalIncident Management System (NIMS).

The States of Florida and West Virginia have adoptedthe HLS–CAM methodology as their assessmentmodels. Plans and accomplishments include thefollowing:

■ Florida Regional Domestic Security Task Force toassess all seven regions of the state. Individualsfrom all 67 counties have been trained, and thesecond round of training has been completed.

■ I-Florida Grant Project to assess state-ownedbridges.

■ Florida Department of Transportation to assess allFDOT facilities and infrastructure.

■ The State of Florida to assess all state-ownedfacilities and infrastructure as mandated by statestatute.

■ Florida Department of Emergency Management toassess all emergency operations centers. Thisdepartment must use HLS–CAM methodology toreceive grant money for improvements.

■ Various local jurisdictions throughout Florida havebeen trained and are in the process of completingHLS–CAM for their areas of responsibility.

■ Alltel Stadium in Jacksonville, Florida, to beassessed for Super Bowl XXXIX using theHLS–CAM methodology.

■ The State of West Virginia to use HLS–CAM toassess critical facilities, infrastructure, and eventsthroughout the state.

■ The National Guard Bureau has adopted theHLS–CAM methodology as the baselineassessment for the Full Spectrum VulnerabilityAssessment in all 50 states.

■ The National Park Service to use HLS–CAM, inconjunction with the Pennsylvania State Police, toassess Independence National Historical Park,located in downtown Center City, Philadelphia.

Methodology

HLS–CAM is a 5-part continuous process consistingof the following:

■ Threat assessment: Examines and defines acommunity; identifies critical facilities,infrastructures, and events; identifies threatgroups; determines the likelihood that, given thecurrent intelligence or designated federal, state, orlocal threat levels, a specific target will be subjectto terrorist or hostile criminal attack.

Appendix II: Homeland SecurityComprehensive Assessment Model (HLS–CAM): Up and Running

18

■ Criticality assessment: Determines the overallimpact of a terrorist attack on a given target and theadverse effect it has within a community.

■ M/D–SHARPP Matrix: Used to analyze criminaland/or terrorist targets that have been identifiedthrough the community threat assessment andcriticality assessment. M/D–SHARPP furtheranalyzes potential targets using informationobtained in the threat assessment, and looks at thetarget through the threat group’s perspective.

■ Community priority assessment plan: Derivedfrom the criticality assessment and theM/D–SHARPP Matrix, used to determine the orderof priority for the vulnerability assessment ofcritical facilities, infrastructure, and events asidentified by the community threat assessment.

■ Vulnerability assessment: A critical onsitephysical examination and thorough inspection of anasset’s perimeter, property within its perimeter, andexterior and interior building spaces, to include alloperational systems and procedures along with thesecurity of a facility.

Automated HLS–CAM™

Because of HLS–CAM’s broad scope ofimplementation, NDPCI partnered with Intelliorg, Inc.,to automate HLS–CAM, optimize its application, andenable efficient and accurate training of lawenforcement personnel. The end product, AutomatedHLS–CAM™, is now available.

In June 2004, NDPCI received a grant from ODP todemonstrate the HLS–CAM methodology andAutomated HLS–CAM™ in the States of Florida andMississippi.

Training

NDPCI provides classroom training sessions thatcover all aspects of the HLS–CAM methodology.Students representing many disciplines andbackgrounds, including all emergency responseproviders, attend these 3-day courses offered at avariety of locations throughout the nation. TheHLS–CAM training course provides students witha working knowledge of the HLS–CAM process aswell as tools for using the HLS–CAM model in theirparticular community, in conjunction with theirjurisdictional expertise.

19

Operation Archangel: A MajorStep in the Right Direction

Operation Archangel is an initiative being developedby the city and County of Los Angeles, the CaliforniaState Office of Homeland Security, and DHS. Itsprimary focus is to prevent terrorist acts and criticalincidents. It will eventually become applicable andexportable to all levels and sizes of government lawenforcement agencies.

Operation Archangel is divided into four distinct, yetintegrated initiatives:

■ Identification and Prioritization of CriticalAssets: Archangel has established a criterion, orstandard, for identifying assets that are deemedcritical. The Archangel definition of a critical assetis the product of an indepth, nationwide study ofworking models and publications that involvedsubject matter experts and stakeholders. TheArchangel Critical Asset Definition will be usedduring a comprehensive reinventory of the city ofLos Angeles, and is currently being considered foruse by the California State Office of HomelandSecurity as its statewide standard. This definitionwill be used to help determine resource allocation.

■ Critical Asset Assessments (CAAs): Archangelfeatures the following three-tiered template forconducting critical asset assessments from amultiagency perspective:

■ Conduct appropriate vulnerability assessments(VAs) to determine and reduce a location’sdegree of vulnerability.

■ Harvest detailed, location-specific information(e.g., names, phone numbers, floor plans,exterior signs/characteristics), in readinessinformation folders (RIFs) for use by preincidentplanners and onsite incident commanders duringcritical incidents.

■ Draft site-specific, preincident securityenhancement plans and postoccurrence actionplans to provide planners and incidentcommanders with tactical guidance and insightin the field.

■ Archangel Critical Asset Management System(ACAMS): Archangel is working with DHS todevelop an interoperable database to manage thewealth of information associated with criticalassets. The ACAMS development process has beenbroken down into three specific informationcollection and planning phases:

■ Critical asset information, including site-specificpreincident security enhancement plans, for useby strategists to prevent and deter incidents fromoccurring.

■ Response information folders containing site-specific facility information.

■ Site-specific postoccurrence action plans for theincident command staff to use should an eventoccur to the asset despite efforts to the contrary.

■ Archangel Security Augmentation Teams(SATs): SATs are plainclothes low-profile teamsof personnel specifically trained and uniquelyequipped to provide a comprehensive cloak ofsecurity to a threatened asset. Primarily, a SATwould be deployed when intelligence indicates thata reasonable threat may be directed at a criticalasset or event. However, in the absence of clearintelligence, the SAT would deploy to critical assetsthroughout its area of responsibility, providing alow-key, but nonetheless visible and viable,enhancement to the resident security measures.

Appendix III: A Promising Program

21

The courses listed below are available to the lawenforcement community and should be considered

for integration into the training of personnel who aretasked with conducting risk and threat assessments:

■ Weapons of Mass Destruction: Threat and RiskAssessment (Local Jurisdiction): DHS, Border andTransportation Security, ODP offers this course,which is delivered by the National EmergencyResponse and Rescue Training Center, TexasEngineering Extension Services, a member ofNDCPI. The objective of the course is to teach attendees how to conduct comprehensive riskassessments and identify necessary countermeasures.The course is free to eligible jurisdictions, asdetermined by ODP. To enroll in this course, phone1–800–368–6498, or go to www.fema.gov/compendium/course.

■ Homeland Security Comprehensive AssessmentModel (HLS–CAM): HLS–CAM is a 5-partcontinuous program that consists of threatassessment, criticality assessment, an analyticaltarget matrix, a community priority assessmentplan, and vulnerability assessment. NDCPI providestraining that teaches students how to use theHLS–CAM model in their particular communitiesin conjunction with their jurisdictional expertiseand gives students a working knowledge of theHLS–CAM process. For information regardingthis course, contact NDCPI at 407–254–7100 or e-mail ed.dorce@ocfl.net.

■ State Strategy Technical Assistance: Under theState and Local Domestic Preparedness TechnicalAssistance Program, ODP has implemented aState Strategy Technical Assistance componentto help states meet the needs assessment andcomprehensive planning required under ODP’sFiscal Year 1999 State Domestic PreparednessEquipment Support Program. More specifically,State Strategy Technical Assistance assists states indeveloping and implementing a 3-year state strategyto enhance a jurisdiction’s preparedness for aterrorist incident involving weapons of mass

destruction. The goals of the program are toenhance the state’s and local jurisdictions’understanding of the assessment process; theirability to conduct assessments; and their ability todevelop a 3-year state strategy. ODP is providingthree distinct training sessions to better preparestate and local jurisdictions to meet each programgoal. For further information on the HomelandSecurity Preparedness Technical AssistanceProgram, call ODP’s Help Line at 1–800–368–6498or e-mail askcsid@dhs.gov.

■ Assessing Terrorism Related Risk Workshop:This workshop, provided by the S2 Safety andIntelligence Institute, aids security and public safetyplanners in developing an effective methodology forevaluating terrorism-related risk. It introduces thevarious types of terrorism-related risks and walksthe students through the process of conducting aqualitative risk assessment. It uses exercises to helpstudents understand the process of risk assessmentand to teach them how to apply risk managementprinciples to anti-terrorism and security planning.

In addition to exploring risk management principles,this workshop introduces students to unique challengesand solutions for evaluating vulnerability in specifictypes of terrorist attack scenarios. Some of thevulnerability assessment methods explored during theprogram include quantitative performance-basedphysical security assessment, qualitative blastvulnerability assessment, and analysis of vehiclebarrier design and performance.

The workshop is intended for security managers,facility managers, military force protection officers,emergency planners, and city and government planningofficials, and is restricted to verified security, lawenforcement, and government employees only. CHS-certified practitioners are eligible for 16 hours ofCEU/inservice training credit through the AmericanCollege of Forensic Examiners. Assessing TerrorismRelated Risk is presented in two 8-hour days. Formore information, call 727–461–0066 or go tohttp://222.s2institute.com.

Appendix IV: Risk Assessment Training

23

References

Jopeck, Ed. n.d. Continuous Risk Management—ANext Generation Approach to Security Management.Draft monograph prepared for Veridian-TridentSystems, Alexandria, VA.

National Emergency Response and Rescue TrainingCenter. n.d. Assessment and Strategy Development:Introduction to the Assessment Process. Briefing.College Station, TX: Texas Engineering ExtensionService.

Needle, Jerome A. 2004. Post September 11 Policing:Best Practices for Managing New Realities. Survey.Alexandria, VA: International Association of Chiefs ofPolice.

Proteus Security Group. 1997. Risk: A Risk Model.Monograph. The Proteus Security Group, Inc.Available online at http://members.aol.com/proteus101/risk.html.

The White House. 2003. The National Strategy for thePhysical Protection of Critical Infrastructure and KeyAssets. Washington, DC.

Wohlstetter, Roberta. 1962. Foreword to PearlHarbor: Warning and Decision. Palo Alto, CA:Stanford University Press.

25

Association of American Railroads. 2002. Terrorism,Risk Analysis and Security Management Plan.Washington, DC.

Flynt, Bill, and Ron Olin. 2002. The Red, Gray andBlue Model. The Police Chief Magazine. 69(2)(February).

Jopeck, Ed, and Geoff French. 2003. Risk Analysisand Risk Management: Considerations for HomelandSecurity. Alexandria, VA: Veridian.

Kempfer, Hal. 2002. Threat Assessment ProcessSupporting Risk and Vulnerability Assessments.Long Beach, CA: Knowledge & Intelligence ProgramProfessionals.

Marynik, Jerry. 1998. Threat Assessment GuideEvaluating and Civilianizing Criminal ExtremistGroups. Sacramento, CA.: California Department ofJustice.

National Insitute of Justice. 2002. Chemical FacilityVulnerability Assessment Methodology. Special Report.NCJ 195171. U.S. Department of Justice.

New York State Office of Public Security. n.d. TheNew York State Homeland Security System Definition.Albany, NY.

North Carolina Department of Agriculture andConsumer Services. n.d. Terrorism ThreatVulnerability Self Assessment Tool.

Parachini, John. 2000. Combating Terrorism:Assessing Threats, Risk Management, andEstablishing Priorities. Testimony before the HouseSubcommittee on National Security, Veterans Affairs,and International Relations.

Major Cities Chiefs Association. 2004. Terrorist AlertPolicy: Local Law Enforcement Threat Guidelines.Prepared for the Office of Domestic Preparedness.Washington, DC: U.S. Department of HomelandSecurity.

Office for Domestic Preparedness. 2003. VulnerabilityAssessment Methodologies Report. Phase I finalreport. Washington, DC: U.S. Department ofHomeland Security.

U.S. Department of Homeland Security. 2003.Assessment and Strategy Development Tool Kit.Original edition, U.S. Department of Justice, 1999.Washington, DC.

U.S. Department of Homeland Security. n.d.Homeland Security Advisory System. Available onlineat www.dhs.gov/dhspublic/display?content=3927.

U.S. General Accounting Office. 1998. CombatingTerrorism: Threat and Risk Assessments Can HelpPrioritize and Target Program Initiatives.Washington, DC.

The White House. 2001. National Strategy forCombating Terrorism. Washington, DC.

Bibliography